Device authentication to facilitate secure cloud management of industrial data

US 9,825,949 B2
Filed: 02/27/2015
Issued: 11/21/2017
Est. Priority Date: 03/26/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory that stores computer-executable components;

a processor, operatively coupled to the memory, that executes the computer-executable components, the computer-executable components comprising;

an authentication component configured to;

receive, over a wide area network, an authentication request from a cloud agent device operating on a local area network in communication with a plurality of industrial devices associated with an industrial process in a facility;

in response to the authentication request, generate an access key that authenticates the cloud agent device with a cloud platform for a defined period of time, wherein the access key uniquely identifies the cloud agent device for the facility; and

transmit the access key to the cloud agent device; and

a cloud data processing component configured to;

receive, at the cloud platform, one or more data packets from the cloud agent device during the defined period of time;

assign respective industrial data contained in the one or more data packets to priority queues in the cloud platform based on respective header data included with the one or more data packets, wherein the respective priority queues have different priority levels for data processing;

select a manifest assembly from a set of manifest assemblies based on header data associated with a data packet of the one or more data packets; and

process industrial data from the data packet in a priority queue to which the industrial data has been assigned in accordance with the manifest assembly.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication of cloud agents that collect and/or process industrial data facilitates secure communications with a cloud platform. An authentication component receives an authentication request from a cloud agent device residing at an industrial facility. The authentication component also authenticate the cloud agent device in response to the authentication request for a defined period of time based on an access key that uniquely identifies the cloud agent device residing at the industrial facility. A cloud data processing component receives, at a cloud platform, one or more data packets from the cloud agent device during the defined period of time and processes industrial data contained in the one or more data packets according processing instructions associated with the cloud platform.

73 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory that stores computer-executable components;
  
  a processor, operatively coupled to the memory, that executes the computer-executable components, the computer-executable components comprising;
  
  an authentication component configured to;
  
  receive, over a wide area network, an authentication request from a cloud agent device operating on a local area network in communication with a plurality of industrial devices associated with an industrial process in a facility;
  
  in response to the authentication request, generate an access key that authenticates the cloud agent device with a cloud platform for a defined period of time, wherein the access key uniquely identifies the cloud agent device for the facility; and
  
  transmit the access key to the cloud agent device; and
  
  a cloud data processing component configured to;
  
  receive, at the cloud platform, one or more data packets from the cloud agent device during the defined period of time;
  
  assign respective industrial data contained in the one or more data packets to priority queues in the cloud platform based on respective header data included with the one or more data packets, wherein the respective priority queues have different priority levels for data processing;
  
  select a manifest assembly from a set of manifest assemblies based on header data associated with a data packet of the one or more data packets; and
  
  process industrial data from the data packet in a priority queue to which the industrial data has been assigned in accordance with the manifest assembly.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the authentication component authorizes the cloud agent device to utilize one or more cloud services associated with the cloud platform based on metadata associated with the one or more data packets.
  - 3. The system of claim 1, wherein the authentication component pre-registers the cloud agent device with the cloud platform during a registration mode based on user input.
  - 4. The system of claim 1, wherein the authentication component is implemented on the cloud platform.
  - 5. The system of claim 1, wherein the authentication component selects the access key based on device identification data associated with the cloud agent device and facility data associated with the facility.
  - 6. The system of claim 5, wherein the authentication component determines an authentication policy for the cloud agent device based on the device identification data and the facility data.
  - 7. The system of claim 1, wherein respective priority queues are associated with distinct types of data of the industrial data.
  - 8. The system of claim 7, wherein the cloud data processing component comprises a manifest assembly repository configured to maintain the set of manifest assemblies that respectively define operations to be performed on the industrial data.
  - 9. The system of claim 8, wherein the cloud data processing component is further configured to receive an additional data packet from the from the cloud agent device during the defined period of time, wherein the additional data packet comprises a new manifest assembly, and to process the add the new manifest assembly to the manifest assembly repository.

10. A method, comprising:
- receiving over a wide area network, by a system comprising at least one processor, an authentication request from a cloud agent device operating on a local area network in communication with a plurality of industrial devices associated with an industrial process in a facility;
  
  in response to the authentication request, generating, by the system, an access key that authenticates the cloud agent device with a cloud platform for a defined interval of time, wherein the access key uniquely identifies the cloud agent device for the facility;
  
  transmitting, by the system, the access key to the cloud agent device;
  
  receiving, by the system, a data packet comprising industrial data from the cloud agent device during the defined interval of time;
  
  assigning, by the system, the industrial data to a priority queue of a plurality of priority queues on the cloud platform, wherein the priority queue is selected based on header data included with the data packet, and respective priority queues of the plurality of priority queues have different priority levels for data processing;
  
  selecting, by the system, a manifest assembly from a set of manifest assemblies based on the header data; and
  
  processing, by the system, the industrial data from the data packet in the priority queue in accordance with the manifest assembly.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, further comprising authorizing, by the system, the cloud agent device to utilize one or more cloud services associated with the cloud platform based on the metadata associated with the data packet.
  - 12. The method of claim 10, further comprising pre-registering, by the system, the cloud agent device with the cloud platform during a registration mode based on user input.
  - 13. The method of claim 10, further comprising generating, by the system, a different access key for the cloud agent device after the defined time interval.
  - 14. The method of claim 10, further comprising:
    - receiving, by the system, an additional data packet from the from the cloud agent device during the defined period of time, wherein the additional data packet comprises a new manifest assembly; and
      
      adding, by the system, the new manifest assembly to a manifest assembly repository comprising the set of manifest assemblies.
  - 15. The method of claim 10, wherein respective priority queues are associated with distinct types of industrial data.
  - 16. The method of claim 10, further comprising selecting, by the system, the access key based on device identification data associated with the cloud agent device and facility data associated with the facility.
  - 17. The method of claim 16, further comprising determining, by the system, an authentication policy for the cloud agent device based on the device identification data and the facility data.

18. A non-transitory computer-readable medium having stored thereon instructions that, in response to execution, cause a system comprising a processor to perform operations, the operations comprising:
- receiving, over a wide area network at a cloud platform, an authentication request from a cloud agent device operating on a local area network in communication with a plurality of industrial devices associated with an industrial process in a facility, wherein the authentication request requests authentication of the cloud agent device with the cloud platform;
  
  in response to the authentication request, generating, by the system, an access key that authenticates the cloud agent device with a cloud platform for a defined time period, wherein the access key uniquely identifies the cloud agent device with the facility;
  
  transmitting the access key to the cloud agent device;
  
  receiving one or more data packets from the cloud agent device during the defined time period;
  
  assigning respective industrial data contained in the one or more data packets to priority queues in the cloud platform based on respective header data included with the one or more data packets, wherein the respective priority queues have different priority levels for data processing;
  
  selecting a manifest assembly from a set of manifest assemblies based on header data associated with a data packet of the one or more data packets; and
  
  processing, by the system, industrial data from the data packet in a priority queue to which the industrial data has been assigned in accordance with the manifest assembly.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the operations further comprise authorizing the cloud agent device to utilize one or more cloud services associated with the cloud platform based on the metadata.
  - 20. The non-transitory computer-readable medium of claim 18, wherein the operations further comprise selecting the access key based on device identification data associated with the cloud agent device and facility data associated with the facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Asenjo, Juan L., Maturana, Francisco
Primary Examiner(s)
Lipman, Jacob

Application Number

US14/634,174
Publication Number

US 20150281233A1
Time in Patent Office

998 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 9/5072   Grid computing

H04L 63/068   using time-dependent keys, ...

H04L 63/0876   based on the identity of th...

H04L 67/1097   for distributed storage of ...

Device authentication to facilitate secure cloud management of industrial data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device authentication to facilitate secure cloud management of industrial data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links